mirror of https://github.com/django/django.git
Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in SetRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
4541a4d3a9
commit
0f4fb9755c
|
@ -55,6 +55,7 @@ class SetRemoteAddrFromForwardedFor(object):
|
|||
return None
|
||||
else:
|
||||
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
|
||||
# Take just the first one.
|
||||
real_ip = real_ip.split(",")[0]
|
||||
# Take just the last one.
|
||||
# See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
|
||||
real_ip = real_ip.split(",")[-1].strip()
|
||||
request.META['REMOTE_ADDR'] = real_ip
|
||||
|
|
Loading…
Reference in New Issue